# huaweicloud_identity_agency

resource "huaweicloud_identity_agency" "agency" {
  name                   = "test_agency"
  description            = "test agency"
  delegated_service_name = "op_svc_evs"

  project_role {
    project = "cn-north-1"
    roles   = ["SFS FullAccess"]
  }
  domain_roles = ["KMS Administrator"]
}

#管理HuaweiCloud IAM 服务中的用户组资源
resource "huaweicloud_identity_group" "group_1" {
  name        = "group_1"
  description = "This is a test group"
}

#IAM项目资源
resource "huaweicloud_identity_project" "project_1" {
  name        = "cn-north-1_project1"
  description = "This is a test project"
}

#用户资源
resource "huaweicloud_identity_user" "user_1" {
  name        = "user_1"
  description = "A user"
  password    = "password123!"
}

#IAM管理组角色分配
resource "huaweicloud_identity_role_assignment" "role_assignment_1" {
  role_id    = data.huaweicloud_identity_role.role_1.id
  group_id   = huaweicloud_identity_group.group_1.id
  project_id = var.project_id
}


# WAF

#配置证书ID
variable certificated_id {}
variable vpc_id {}
variable dedicated_engine_id {}

resource "huaweicloud_waf_dedicated_domain" "domain_1" {
  domain         = "www.example.com"
  certificate_id = huaweicloud_waf_certificate.certificate_1.id

  server {
    client_protocol = "HTTPS"
    server_protocol = "HTTP"
    address         = "192.168.1.100"
    port            = 8080
    type            = "ipv4"
    vpc_id          = var.vpc_id
  }
}
